#326 ssh over https

Open
opened 1 month ago by rolfn · 4 comments
rolfn commented 1 month ago

ssh connections are not allowed in my company. But I would still like to communicate via ssh. Other Git servers offer an alternative approach:

  • GitHub: ssh.github.com
  • GitLab: altssh.gitlab.com

If I use these https accesses in connection with a "proxy tunnel" (e.g. [this software](https://github.com/proxytunnel/proxytunnel)), I am still able to communicate via ssh.

Would something like that also be possible at Codeberg? Thanks in advance.

Rolf
hw commented 1 month ago
Poster
Owner

What setup/protocol would be most sensible here? Just ssh on port 443, something like socat rerouting, or something completely different? What would work best in this scenario? Do you have some example setup that works for you?
rolfn commented 1 month ago
Poster

It's port 443. I am using the program ["proxytunnel"](https://github.com/proxytunnel/proxytunnel) on Linux. It is part of various Linux distributions. Example for GitLab:

At home I have direct access to

```
git@gitlab.com:rolf.niepraschk/notizen.git
```

In my company, I have a similar ssh access if I write the following in `$HOME/.ssh/config`:

```
Host gitlabproxy
  User rolf.niepraschk
  Hostname altssh.gitlab.com
  Port 443
  ProxyCommand /usr/bin/proxytunnel -p COMPANYS_PROXY_SERVER:8080 -d %h:%p
```

and change the entry within `.git/config` of my git repository from

```
[remote "origin"]
        url = git@gitlab.com:rolf.niepraschk/notizen.git
```

to

```
[remote "origin"]
        url = git@gitlabproxy:rolf.niepraschk/notizen.git
```

I can't say more about the background. Maybe it is possible to adapt the source code from GitLab.
Poster

Perhaps instead of socat the following tool may be suitable: https://github.com/mholt/caddy-l4. It's from the creator of Caddy.
fnetX commented 1 day ago
Poster

If @rolfn's problem is a blocked ssh port, a quick workaround without creating complex setups is opening some commonly free ports for ssh. I did so to access my servers from within a very strict network.

@techknowlogick's software would allow using a Caddy proxy that even allows ssh connections on port :80 and port :443, which would be a really nice solution but might require some maintenance to not break normal web access, while the app describes itself as unstable ("expect breaking changes").

Note: Caddy can usually read nginx configs.
Note 2: someone could check if nginx allows the same thing; at least they support forwarding of non-HTTP protocols, maybe they also support detecting them.
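
The protocol detection that Note 2 asks about comes down to inspecting the first bytes a client sends on the shared port. As an added example (not part of this thread, and not code from caddy-l4 or nginx), the Python below classifies a stream as SSH, TLS or plain HTTP and handles short reads; the backend addresses are hypothetical placeholders.

```python
# Added example: first-bytes protocol detection for a shared port.
# Backend addresses are hypothetical placeholders.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ")
BACKENDS = {"ssh": ("127.0.0.1", 22), "tls": ("127.0.0.1", 8443),
            "http": ("127.0.0.1", 8080)}


def _prefix_state(data: bytes, literal: bytes) -> str:
    """'match' if data starts with literal, 'partial' if it may still do so."""
    if data.startswith(literal):
        return "match"
    return "partial" if literal.startswith(data) else "no"


def _tls_state(data: bytes) -> str:
    """TLS record header: type 0x16 (handshake), version 3.x, 2-byte length,
    then handshake type 0x01 (ClientHello)."""
    checks = ((0, lambda b: b == 0x16), (1, lambda b: b == 0x03),
              (2, lambda b: b <= 0x04), (5, lambda b: b == 0x01))
    for index, ok in checks:
        if index >= len(data):
            return "partial"  # consistent so far, but too short to decide
        if not ok(data[index]):
            return "no"
    return "match"


def _http_state(data: bytes) -> str:
    states = {_prefix_state(data, m) for m in HTTP_METHODS}
    return "match" if "match" in states else (
        "partial" if "partial" in states else "no")


def classify(data: bytes) -> str:
    """Return 'ssh', 'tls', 'http', 'unknown', or 'need_more' on a short read."""
    if not data:
        return "need_more"
    # RFC 4253: an SSH client opens with an identification string "SSH-...".
    states = {"ssh": _prefix_state(data, b"SSH-"),
              "tls": _tls_state(data), "http": _http_state(data)}
    for proto, state in states.items():
        if state == "match":
            return proto
    return "need_more" if "partial" in states.values() else "unknown"


def route(data: bytes):
    """Backend for the stream, or None to keep reading / reject."""
    return BACKENDS.get(classify(data))
```

A stream that stays `need_more` should be bounded by a read timeout, since an SSH client that waits for the server banner before sending anything would otherwise hold the connection open undecided.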